Weapon of mass disruption: supply-chain attacks in the manufacturing industry

null

Supply chain intrusions and attacks have been a preferred method of espionage and sabotage since the start of complex manufacturing processes. As manufacturers devolve different processes due to the benefits of specialisation, and supply-chains become subsequently more dispersed and convoluted, these attacks appear to grow exponentially more frequent, detrimental and indomitable. Even the most powerful organisations, such as the world’s largest chip manufacturer Taiwan Semiconductor Manufacturing Company (TSMC), which had to shut down production a few weeks ago, are susceptible to the intrusion and damage of supply-chain attacks.  

How supply-chain attacks work:

In fact, big companies are as, if not more, susceptible than their small-to-medium enterprise (SME) counterparts. This is because a supply-chain attack seeks to damage an organisation by targeting the less secure elements in its supply network. Typically, the greater the influence and reach of a business, the greater the reliance on, and dispersal and potential vulnerability of, its supply-chain. These weak links in the chain are never the ultimate target of the attacks but rather a stepping stone, or attack path, to a more substantial and cash-rich entity.

The vulnerability of the manufacturing industry:

Exploiting service provider supply chains, data supply chains or traditional manufacturer supply chains in this way, has been seen in a litany of major data breaches in the past few years. The manufacturing industry, in particular, is experiencing attacks at an alarmingly high rate. This is for several reasons.

The first factor is the impact of globalisation on stretching and disseminating manufacturing supply-chains over the last quarter century. In the globalised world, multinational corporations (MNCs)- from car makers to hardware manufacturers- parse elements of the manufacturing and assembly process to smaller suppliers in different geographical locations to reduce costs and increase efficiency and quality. This dispersion, in turn, increases the footprint of the attack surface, making it harder to secure.

This owes to the fact that more companies, based in ever more economically diverse and disparate geographical locations, touch products within a supply chain, and not all of them can adhere to, or uphold, a universal best practice. For example, there are thousands of suppliers based in developing countries lacking sufficient levels of cyber-hygiene across their IT platforms and industrial complexes. This creates convenient points of access for hackers that are seeking to do as little work for the greatest amount of financial gain as possible. Many years ago  hackers realised it is much easier to “swim upstream” by breaching  a factory in China or Vietnam than it is, for example, to infiltrate a corporate HQ in Silicon Valley.

Secondly, manufacturers are relying more and more on third party services to improve their connectivity and support capabilities, which increase the opportunities for hackers to steal patent and IP information-the lifeblood to any company.

The last key concern is the manufacturing industry’s  failure to conduct frequent and comprehensive security updates of IT systems and networks because, as internal networks purportedly protected by firewalls, they are not treated with sufficient scrutiny. Built in obsolesce to manufacturing technology and the inability to apply security patches to machinery itself makes securing IT infrastructure difficult for even the best resourced and enabled security teams.

Can manufacturers defend against supply-chain attacks?

Due to the size and implicit susceptibility of global supply chains, and the improbability of coordinating wholesale changes in their security posture, , there is very little that manufacturers can do to completely defend themselves against attacks.

This sense of irremediableness is compounded by the fact that companies, through their awareness of the vulnerability of the greater supply chain, are purely and understandably concerned with trying to make their own network secure.

Thus, companies are faced with a dilemma: they can either segment their networks in such a way that third-party dependencies are limited to the core business functions that they interact with, and pervasive access is unpermitted, or they can confront the much greater tasks of attempting to force its own security standards upon every one of its vendors. Given the way in which global supply chains operate, this vertical security integration is not only unfeasible but also onerous and highly expensive. It can dramatically diminish profit margins for companies in a supply chain and even, counter intuitively eliminate the reasons for establishing global supply chains in the first place.

The need for detection and remediation

If absolute prevention is unattainable, especially when the rate of change within malware, hacking approaches and the manufacturing process is taken into consideration, detection and remediation is imperative to the preservation and continuity of a supply chain. This is what prevents an intrusion from becoming a major incident, such as halting production or assembly entirely, and causing significant financial and/ or reputational damage.

For manufacturers, detection and remediation means reducing their time to reaction. The most effective means of doing this is by building more cyber resilient networks that possess multiple layers of defence so, for example, if a hacker spear-phishes an individual in the wider corporation and supply-chain, it forces hackers to carry out a series of perceptible activities before it effects the supply-chain itself. By increasing the number of moves the hacker must carry out from a public-facing network, and duly magnifying the noise they make, improves the security team’s ability to react, detect and respond to prevent real damage and disruption from happening.

To further optimise the security team’s ability to do this, manufacturers should also have security analysts on staff that can increase visibility across the entire network and maintain an inventory of all machines connected to the Internet. Improving security hygiene in this way is critical to exposing the cyber-criminal’s activities early in the process before it results in IP theft and loss.

By establishing and adhering to these protocols, manufacturers and their suppliers can minimise disruption and maximise resilience and continuity.

Ross Rustici is senior manager of intelligence research at Cybereason
Image source: Shutterstock/KAMONRAT